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Abstract 

In |2], Verdure gives the factorisation patterns of division polynomials of 
elliptic curves denned over a finite field. However, the result given there contains 
a mistake. In this paper, we correct it. 

1 Introduction 

Let p > 3 be a prime number and q a power of p. Let E be an elliptic curve over 
the finite field ¥ q . Thus, we can assume that E has equation E : y 2 = x 3 + ax + b. 

The set of rational points on E, denoted by E(¥ q ), has group structure. If n is an 
integer, we denote by i?(F g )[n] (or E[n] if the field is the algebraic closure ¥ q of ¥ q ) 
the rational points of order n. If n is relatively prime with p, E[n] = 7LjnL x Z/nZ. 

Let ipn(x) be the division polynomials of E (see pQ). As it is well known, the 
roots of the polynomial tjj n are the abscissas of the n-torsion points, that is 

P = (x, y) G E[n] ^ ip n (x) = 0. 

Hence, the factorisation patterns of these polynomial give information about the 
extension where the n-torsion points are defined. 
The Frobenius endomorphism, 

ip: E{T q ) E(¥g~) 
(x,y) -> {x q ,y q ) 

characterizes the rationality of a point of the elliptic curve as follows 

VP G E{T q ), P G E(¥ q n) <=> ^(P) = P. 

In the paper Factorisation of division polynomials (Proc. Japan Academy, Ser 
A. 80, no. 5, pp. 79-82), Verdure gives the degree and the number of factors of the 
division polynomial of an elliptic curve. However, the result present there contains 
a mistake. We correct it here. 



2 Patterns of l-th division polynomials 

Let / be an odd prime different from the characteristic of ¥ q . We present here the 
factorisation patterns of division polynomial only when the /-torsion points generate 
different extension fields (the wrong result in 2 ). If all /-torsion points are defined 
over the same extension field, the factorisation can be found in 
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First of all, we fix the notation. Let / be a one variable polynomial over a field 
K of degree n. We say that the factorisation pattern of / is 



((ai,ni),...,(a d ,n d )) 



if / factorizes over K as 



d rii 



with Pij an irreducible polynomial of degree ctj. 

The next result shows how the Frobenius endomorphism acts on E[l] when the 
/-torsion points are not all defined over the same extension of F q . 

Lemma 1 (|2j) Let E be an elliptic curve defined over F q . Let a be the degree 
of the minimal extension over which an l-torsion point is defined, I an odd prime 
not equal to the characteristic of¥ q . Assume that E[l] <£_ E(F q a). Then there exist 
p € F^* of order a and a basis P, Q of E[l] over Fi in which the n-th power of the 
Frobenius endomorphism can be expressed, for all n, as: 



The previous result help us to determine the factorisation pattern of division 
polynomial ifti(x) when its factors are not all of the same degree. The next proposi- 
tion solves the mistake, in the function i(x,y), made in [2]. 

Proposition 2 Let E be an elliptic curve defined over F q . Let a be the degree of 
the minimal extension over which E has a non-zero l-torsion point. Assume that 
E[l] <£_ E(F q a). Let p £ F^* be as defined in Lemma^\ Let j3 be the order of q/p in 
F^ . Then the pattern of the division polynomial ipi is: 




((*(«)> 27^y) 5 W), mk)> (<(«, 0), ijsjy)) 



ifq = p 2 



with 




x odd, 



x even. 



and 




x,y even and V2(x) = V2(y) 
otherwise. 
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Remmark 3 Verdure gives the function i(x,y) = lcm(x,y)/2 when x and y are 
both even. 

Proof. 

We follow the proof given in [2] except for the wrong cases. 

Let / be an irreducible factor ipi{x) of degree d, and P a point of /-torsion 
corresponding to one of its roots, then d is the minimum positive integer n such that 
<f n (P) = ±P. Let (P, Q) be a basis of E[l] as in Lemma ^ We distinguish the cases 
q ^ p 2 and q = p 2 . 

i) Suppose that q ^ p 2 . If R is an /-torsion point which is a non-zero multiple 
of P (or Q), we have that the minimum n such that (f n (R) = ±-R is n = h(a) 
(or h(/3)). Notice that, (p n (R) = —R if and only if a (or (3) is even, and hence 
n = a/2 (or 0/2). 

Finally, let R be any non-zero /-torsion point not of the previous form, then 
R = k(P + jQ) with 1 < j, k < I - 1. So, <p n (R) = k(y n (P) + j<p n (Q)). The 
subgroup generated by R ((R)) is rational over ¥ g n if and only if (p n (R) = ±R. 
The minimum extension where (R) is defined is ¥ q ™, with n minimum such 
that <p n (R) = ±R. 

It is easy to prove that <p n (R) = R if and only if ip n (P) = P and tp n {Q) = Q. 
Hence lcm(a, (3) \ n and n = lcm(a, (3) is the minimum. 

On the other hand, <p n (R) = -R, if and only if <p n {P) = -P and ip n (Q) = -Q. 
This is only possible when a and (3 are both even. Moreover, lcm(a/2, (3/2) \ n 
and a or f3 not divides lcm(a/2, (3/2) (if, for example, a \ lcm(a/2, (3/2), then 
ip n {P) = P). On the other hand, a/2 and (3/2 have the same parity, otherwise, 
for example, if a/2 is even and (3/2 odd then lcm(a/2, (3/2) = lcm(a/2, (3) and 
(3 divides lcm(a/2, (3/2) which is a contradiction. If ^(a) = V2(/3), then n = 
lcm(a/2, (3/2) is the minimum integer such that ip n {P) = —P and ip n {Q) = 
—Q. Otherwise, if both valuations are not equal, lcm(a/2, (3/2) is divisible by 
a if V2(a) < V2{(3) (by (3 if V2{a) > V2((3)) which contradicts f n (R) = —R- 

Counting the number of points of each type, namely / — 1, / — 1 and (/ — l) 2 , 
we have the number of factors of each type. 

ii) Suppose that q = p 2 . A point which is a non-zero multiple of P leads to factors 
of degree a or a/2 as before. If R is not a multiple of P, then in order to have 
<p n (R) = ±-R, we have that p n = ±1 and np n ~ x = 0. Then, depending on the 
parity of a, we have n = lcm(a, I) or n = lcm{a/2, 1). Finally, since a \ I — 1, 
it is relatively prime to I. Therefore, these values are h{a)l. 

□ 

Example 4 Consider the elliptic curve y 2 = x 5 + 3x + 6 over F17 and take I = 
5. Then a = 2 and (3 = 4. According to [2], the pattern of ip§(x) should be 
((1,2), (2,1), (2, 4)), but in fact it is ((1, 2), (2, 1), (4, 2)). 
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I am grateful to the referee, for this careful review and his suggestion at the 
preliminar version. 
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